Multiple frontends with same basic auth credentials?

Traefik Traefik v1
1

I have a simple deployment:

  • nginx container with an angular app
  • multiple spring boot containers that support the angular app

I'm using - traefik.frontend.auth.basic which works perfectly fine to protect the angular app, however I'd like to use the same username/password to protect the sprint boot apps as well. The issue is that if I protect the spring boot containers, the ajax api calls to the backend die because the browser doesn't know to ask the user for a password. We're not quite ready to implement something like a larger scale SSO yet - this is in pilot phase. Any suggestions here?

2

Do you use the same domain for your angular app and for your spring boot containers? If this is the case, it should work. If it’s not, your angular app needs to authenticate by itself.

To help us, could you provide your configuration?

3

@juliens,

They have same domain but different subdomains

ui-backend:
    deploy:
        labels:
            - traefik.port=8080
            - traefik.frontend.rule=Host:ui-backend.[projectname].org
            - traefik.redirectorservice.frontend.entryPoints=https
            - traefik.redirectorservice.frontend.redirect.entryPoint=https
            - traefik.webservice.frontend.entryPoints=https

ui:
    deploy:
        labels:
            - traefik.port=80
            - traefik.frontend.rule=Host:ui.[projectname].org
            - traefik.redirectorservice.frontend.entryPoints=https
            - traefik.redirectorservice.frontend.redirect.entryPoint=https
            - traefik.webservice.frontend.entryPoints=https
            - traefik.frontend.auth.basic=USERNAME:$$PASSWORD.

If I add the same - traefik.frontend.auth.basic=USERNAME:$$PASSWORD. to the ui-backend, it does NOT work - ajax requests all fail.

4

If you don't use the same domain/subdomain, you have to authenticate two times (one time per subdomain), even if you use the same USERNAME:PASSWORD. It's like two different website with same user/password.
So if you don't want to need two authentication, you have to use the same sub-domain.